To Install the Access Manager Root CA Certificate on Apache HTTP Server 2.2 (Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.2)

Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.2

Previous: Installing the Access Manager Root CA Certificate for a Remote Apache HTTP Server 2.2 Instance
Next: Chapter 7 Managing the Apache HTTP Server 2.2 Web Agent

To Install the Access Manager Root CA Certificate on Apache HTTP Server 2.2

Change to the cert directory.

The following example illustrates the location of the cert directory:
```
PolicyAgent-base/AgentInstance-Dir/cert
```
The following is a feasible example of the full path to the cert directory without the PolicyAgent-base placeholder:
```
/usr/local/webagents/apache22_agent/Agent_001/cert
```

Set the proper environment by issuing the following command:
```
setenv LD_LIBRARY_PATH PolicyAgent-base/lib:/usr/lib/mps
```

(Conditional) If you have not already created the necessary certificate database, create that database now by issuing the following command:
```
PolicyAgent-base/bin/certutil -N -d .
```
The following is a feasible example of how this command might look without the PolicyAgent-base placeholder:
```
/usr/local/webagents/apache22_agent/bin/certutil -N -d .
```
For more information about the directory structure, see Inside the Web Agent Base Directory.

Install root CA certificate by issuing the following command:
```
PolicyAgent-base/bin/certutil -A -n cert-name -t
"C,C,C" -d cert-dir -i cert-file
```
cert-name

The name for this root CA certificate

cert-dir

The directory where the certificate and key stores are located

cert-file

The base-64 encoded root CA certificate file

For example, if the Root CA certificate of the Access Manager host is present in the directory PolicyAgent-base/Agent_001/cert and if the name of this certificate file is root_ca.crt, then the following command would be appropriate:
```
PolicyAgent-base/bin/certutil -A -n am_root_ca_cert
-t "C,C,C" -d . -i root_ca.crt
```
The following is a feasible example of how this command might look without the PolicyAgent-base placeholder:
```
/usr/local/webagents/apache22_agent/bin/certutil -A -n
am_root_ca_cert -t "C,C,C" -d . -i root_ca.crt
```

To verify that the certificate is properly installed, using the command line, issue the following command:

PolicyAgent-base/bin/certutil -L -d .

The root CA certificate is then listed in the output of the certutil -L command as illustrated in the following code example:

Certificate Name                             Trust Attrubutes


cert-name                                      C,C,C

p    Valid peer
P    Trusted peer (implies c)
c    Valid CA
T    Trusted CA to issue client certs (implies c)
C    Trusted CA to certs(only server certs for ssl) (implies c)
u    User cert
w    Send warning

Restart Apache HTTP Server.